Privacy Rules are important for keeping your app’s data private, but they are often overlooked, especially by new users. That’s why we’re introducing a few subtle “nudges” in the product to help users find a good starting point for the Privacy Rules for their data types.
These nudges include the following:
In the Data Types and Privacy sub-tabs under Data, you’ll now see a small visual cue for whether the type has privacy rules applied or if it’s publicly visible (example):
When creating a new data type, you’ll see a new checkbox that asks whether you want it to be public or private. If you choose private, the data type will be created with 1 privacy rule that allows the creator of that thing to see it, but everybody else won’t have access to those things (this can be changed to your desire later, of course)
Soon, all new apps will be created with a default privacy rule on the User data type such that only that user can see their own thing (though this can also be changed later)
[5/20/2021 update: the default is now unchecked, ie public]
Because of these changes, the old Settings toggle to make data type private by default will no longer be an option. Any apps that had this turned on will continue to have it in effect and will continue to see the checkbox in Settings, but if they uncheck the setting, they will no longer have the option to turn it back on. We hope this will help guide Bubble apps to stronger data privacy settings!
Thanks for the info, @tj-bubble. I just noticed the Make this data type private checkbox but was disappointed (mildly annoyed, actually) that there was no contextual link to the Bubble manual when hovered, which forced me to conduct a forum search just to understand exactly what ticking that checkbox would do.
FWIW, it’d be nice if new features were first officially documented and then posted to the forum with a link to the docs (and perhaps a synopsis with rationale if warranted).
Maybe complex but if you have a “thing” that is “ one time approve codes” with fields “code” and ,”used yet”
Generate a unique string as the code on a button click. Verify it doesn’t exist already. Save this as a “send code” with field “used already” marked no. Send a non signed up user a url with URL parameters with the code
Use the code as verification
Make everything on the visitor page invisible on page load. If the url contains a valid code, and a search identifies the valid code is not marked used already, make everything visible. If not, redirect.
After verifying the code works, mark this used already.
Thanks for the feedback, it is helpful for us as we evolve our processes and get better. I actually am planning on adding the hover link to the docs this week, but realize it would have been nice to go out with the change itself.
Thank you for your answer! Unfortunately, that does not work for me, because I need to generate public links that do not change and could be opened by anyone. It can be an order confirmation page, that you share with the client (or public profile user page, or whatever).
And the surprising thing is that seems there is no secure way to do that! To make this page viewable by anyone, I need to check the box “find in search” for that datatype. And this option “find in search” is basically makes it viewable by anyone who can run queries to the backend (it’s rather easy, am I right?).
We have rolled out a minor tweak to the default privacy rules setting due to some confusion that has come out of it. You can see below what it looks like now:
When creating a new data type, the default is now unchecked, i.e. the data type would be created without any privacy rules
If you check the box, the data type will be created as private, i.e. with a default privacy rule that only the creator can see a thing. This can of course be modified in the Privacy tab:
